Installing Release OpenShift on AWS

This section describes how to install the Release application on an OpenShift cluster on AWS.

Audience

This guide is intended for administrators with cluster administrator credentials who are responsible for application deployment.

Before You Begin

The following are the prerequisites required to install Deploy using Kubernetes Operator installer:

• Docker version 17.03 or later
• The kubectl command-line tool
• Access to a Kubernetes cluster version 1.19 or later
• Kubernetes cluster configuration
• If you are installing Release on OpenShift cluster, you will need:
  • The OpenShift oc tool
  • Access to an OpenShift cluster version 4.5 or later

Keycloak as the Default Authentication Manager for Release

• Keycloak is the default authentication manager with Release 22.1 and later.
• This is defined by the spec.keycloak.install parameter that is set to true by default in the dairelease_cr.yaml file.
• If you want to disable Keycloak as the default authentication manager for Digitial.ai Release, set the spec.keycloak.install parameter to false.
• After you disable the Keycloak authentication, the default login credentials (admin/admin) will be applicable when you log in to the Digital.ai Release interface.
• For more information about how to configure Keycloak for Kubernetes Operator-based Installer for Release, see Keycloak Configuration for Kubernetes Operator Installer.

Step 1—Create a Folder for Installation Tasks

Create a folder on your workstation from where you will execute the installation tasks, for example, ReleaseInstallation.

Step 2—Download the Operator ZIP

1. Download the release-operator-openshift-22.2.0.zip file from the Release Software Distribution site.
2. Extract the ZIP file to the ReleaseInstallation folder.

Step 3—Update the Platform Resource Files

To deploy the Release application on the OpenShift cluster, update the Infrastructure file parameters (infrastructure.yaml) in the folder where you extracted the ZIP file with the parameters corresponding to the OpenShift Cluster Configuration (kubeconfig) file as described in the table. You can find the OpenShift cluster information in the default location ~/.kube/config. Ensure the location of the kubeconfig configuration file is your home directory.

Note: The deployment will fail if the infrastructure.yaml is updated with wrong details.

Infrastructure File Parameters	OpenShift Cluster Configuration File Parameters	Parameter Value
serverUrl	server	Enter the server URL.
openshiftToken	openshiftToken	This parameter defines the access token to access your OpenShift cluster.

Step 4—Convert License and Repository Keystore Files to Base64 Format

1. Run the following command to retrieve StorageClass values for Server, Postgres and Rabbitmq:

   oc get sc

2. Run the keytool command below to generate the RepositoryKeystore:

   keytool -genseckey {-alias alias} {-keyalg keyalg} {-keysize keysize} [-keypass keypass] {-storetype storetype} {-keystore keystore} [-storepass storepass]

   Example

   keytool -genseckey -alias deployit-passsword-key -keyalg aes -keysize 128 -keypass deployit -keystore /tmp/repository-keystore.jceks -storetype jceks -storepass test123

3. Convert the Release license and the repository keystore files to the base64 format:

   • To convert the xlrLicense into base64 format, run:

   cat <License.lic> | base64 -w 0
   • To convert RepositoryKeystore to base64 format, run:

   cat <repository-keystore.jceks> | base64 -w 0

   Example

   keytool -genseckey -alias deployit-passsword-key -keyalg aes -keysize 128 -keypass deployit -keystore /tmp/repository-keystore.jceks -storetype jceks -storepass test123

note

The above commands are for Linux-based systems. For Windows, there is no built-in command to directly perform Base64 encoding and decoding. However, you can use the built-in command certutil -encode/-decode to indirectly perform Base64 encoding and decoding.

Step 5—Update the Custom Resource Definitions (Dairelease_Cr.Yaml)

1. Update the dairelease_cr file with the mandatory parameters as described in the following table:

note

For deployments on test environments, you can use most of the parameters with their default values in the dairelease_cr.yaml file.

Parameters	Description
AdminPassword	Admin password for xl-release
KeystorePassphrase	The passphrase for the RepositoryKeystore.
Persistence.StorageClass	The storage class that must be defined as Openshift cluster
RepositoryKeystore	Convert the repository keystore file for Digital.ai Release to the base64 format.
ingress.hosts	DNS name for accessing UI of Digital.ai Release.
postgresql.persistence.storageClass	The storage Class that needs to be defined as PostgreSQL
rabbitmq.persistence.storageClass	The storage class that must be defined as RabbitMQ
xlrLicense	Release license

note

For deployments on production environments, you must configure all the relevant/required parameters for your Openshift production setup, in the dairelease_cr.yaml file. See Default Parameters to know more about the parameters available in the Digital.ai release's dairelease_cr.yaml file and their default values. You must update the default values for the parameters per your requirements.

To configure the Keycloak parameters for OIDC authentication, see Keycloak Configuration for Kubernetes Operator Installer.

2. Update the relevant/required parameters for your Openshift production setup in the dairelease_cr.yaml file. See Default Parameters.

   If you want to use your own database, refer Using Existing DB topic, and update the dairelease_cr.yaml file.

Step 6—Set up the XL CLI

See Install the XL-CLI.

Note: Use the version that matches your product version in the public folder.

Step 7—Set up the Namespace

You can use any namespace for the installation. By default, digitalai namespace is used. First you need to create namespace, replace digitalai with your custom name if you would like to use some other name:

kubectl create namespace digitalai

In case you are not using digitalai as namespace or if you would like to install multiple release instances on the same cluster you need to use custom namespace setup. Got to the following document to see how to install the release operator to use custom namespace.

Step 8—Set up the Deploy Container Instance

1. Run the following command to download and run the Digital.ai Deploy instance:

   docker run -d -e "ADMIN_PASSWORD=admin" -e "ACCEPT_EULA=Y" -p 4516:4516 --name xld xebialabs/xl-deploy:22.2.0

   Note: Before running the command check if there is already running docker containers with name xld or the same port with docker ps command. Stop and delete the container with commands, for example with name xld: docker stop xld; doecker rm xld.

2. Wait Deploy has started and access the Deploy application:
   http://<host IP address>:4516/

Step 9—Activate the Release Deployment Process

1. Go to the release-operator-openshift of the extracted file and run the following command to activate the Release deployment process:

   xl apply -v -f digital-ai.yaml

Step 10—Verify the Deployment Status

1. Check the deployment job completion using XL CLI.
   The deployment job starts the execution of various tasks as defined in the digital-ai.yaml file in a sequential manner. If you encounter an execution error while running the scripts, the system displays error messages. The average time to complete the job is around 1 minute.

   Note: The running time depends on the environment.

   

   To troubleshoot runtime errors, see Troubleshooting Operator Based Installer

Verify the deployment succeeded, do one of the following:

• Open the local Deploy application, go to the Explorer tab, and from Library, click Monitoring > Deployment tasks

• Run the following command in a terminal or command prompt:

  

To check the deployment status using CLI, run the following command:

oc get pod

Step 11—Perform Sanity Checks

Open the Release application and perform the required deployment sanity checks.

Configure the User Permissions

• After the installation, you must configure the user permissions for OIDC authentication using Keycloak.
• For more information about how to configure the user permissions, see Keycloak Configuration for Kubernetes Operator Installer.
• If you need to update some of the default properties, see apply changes in the CR.